Lucene search
+L

338 matches found

NVD
NVD
added 2008/03/04 11:44 p.m.29 views

CVE-2008-1148

A certain pseudo-random number generator PRNG algorithm that uses ADD with 0 random hops aka "Algorithm A0", as used in OpenBSD 3.5 through 4.2 and NetBSD 1.6.2 through 4.0, allows remote attackers to guess sensitive values such as 1 DNS transaction IDs or 2 IP fragmentation IDs by observing a...

6.8CVSS6.9AI score0.01424EPSS
Exploits0References7
CVE
CVE
added 2008/03/04 11:0 p.m.77 views

CVE-2008-1148

CVE-2008-1148 concerns a flaw in a PRNG using ADD with 0 random hops (Algorithm A0) that affects OpenBSD 3.5–4.2 and NetBSD 1.6.2–4.0. Attackers can observe a sequence of previously generated values to guess sensitive identifiers such as DNS transaction IDs and IP fragmentation IDs, enabling pote...

6.8CVSS6.9AI score0.01424EPSS
Exploits0References7Affected Software3
securityvulns
securityvulns
added 2007/11/30 12:0 a.m.54 views

FreeBSD Security Advisory FreeBSD-SA-07:09.random

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-07:09.random Security Advisory The FreeBSD Project Topic: Random value disclosure Category: core Module: sysdevrandom Announced: 2007-11-29 Credits: Robert Woolle...

2.1CVSS5.9AI score0.00328EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2007/07/31 12:0 a.m.44 views

UltraVNC w/ DSM Plugin Detection (2)

UltraVNC seems to be running on the remote port. Upon connection, the remote service on this port sends pseudo-random bytes. It is probably UltraVNC with the new DSM encryption plugin. This plugin tunnels the RFB protocol into a RC4 or AES encrypted stream. %NASLMINLEVEL 70300 C Tenable Network...

5.6AI score
Exploits0References1
securityvulns
securityvulns
added 2007/02/27 12:0 a.m.79 views

Mozilla Foundation Security Advisory 2007-05

Mozilla Foundation Security Advisory 2007-05 Title: XSS and local file access by opening blocked popups Impact: Moderate Announced: February 23, 2007 Reporter: shutdown, Michal Zalewski Products: Firefox, SeaMonkey Fixed in: Firefox 2.0.0.2 Firefox 1.5.0.10 SeaMonkey 1.0.8 Description shutdown...

6.8CVSS8.5AI score0.02494EPSS
Exploits1
exploitpack
exploitpack
added 2007/01/15 12:0 a.m.22 views

WordPress Plugin SpamBam - Key Calculation Security Bypass

WordPress Plugin SpamBam - Key Calculation Security Bypass source: https://www.securityfocus.com/bid/27291/info SpamBam is prone to a security-bypass vulnerability because client-accessible data can be used to calculate verification keys. Attackers can exploit this issue to submit arbitrary form...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2007/01/05 12:0 a.m.44 views

Multiple security vulnerabilities in Bluetooth protocol and Bluetooth stacks implementations

Buffer overflows, weak authentication algorithm, weak pseudo-random number generators, directory traversals, etc...

4.4AI score
Exploits0Affected Software2
NVD
NVD
added 2006/07/07 12:5 a.m.24 views

CVE-2006-3419

Tor before 0.1.1.20 uses OpenSSL pseudo-random bytes RANDpseudobytes instead of cryptographically strong RANDbytes, and seeds the entropy value at start-up with 160-bit chunks without reseeding, which makes it easier for attackers to conduct brute force guessing attacks...

5CVSS6.5AI score0.01625EPSS
Exploits0References4
OSV
OSV
added 2006/07/07 12:5 a.m.2 views

DEBIAN-CVE-2006-3419

Tor before 0.1.1.20 uses OpenSSL pseudo-random bytes RANDpseudobytes instead of cryptographically strong RANDbytes, and seeds the entropy value at start-up with 160-bit chunks without reseeding, which makes it easier for attackers to conduct brute force guessing attacks...

5CVSS6.7AI score0.01625EPSS
Exploits0References1
Cvelist
Cvelist
added 2006/07/07 12:0 a.m.27 views

CVE-2006-3419

Tor before 0.1.1.20 uses OpenSSL pseudo-random bytes RANDpseudobytes instead of cryptographically strong RANDbytes, and seeds the entropy value at start-up with 160-bit chunks without reseeding, which makes it easier for attackers to conduct brute force guessing attacks...

6.5AI score0.01625EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2006/03/26 12:0 a.m.63 views

UltraVNC w/ DSM plugin detection

UltraVNC seems to be running on the remote port. Upon connection, the remote service on this port always sends the same 12 pseudo-random bytes. It is probably UltraVNC with the DSM encryption plugin. This plugin tunnels the RFB protocol into a RC4 encrypted stream. SPDX-FileCopyrightText: 2006...

7AI score
Exploits0
securityvulns
securityvulns
added 2003/07/16 12:0 a.m.27 views

Multiple Citadel bugs

Weak PRNG, buffer overflows, DoS...

2.8AI score
Exploits0References1
Cvelist
Cvelist
added 2002/06/25 4:0 a.m.38 views

CVE-2001-1141

The Pseudo-Random Number Generator PRNG in SSLeay and OpenSSL before 0.9.6b allows attackers to use the output of small PRNG requests to determine the internal state information, which could be used by attackers to predict future pseudo-random numbers...

6.2AI score0.04988EPSS
Exploits0References10
CVE
CVE
added 2002/06/25 4:0 a.m.68 views

CVE-2001-1141

CVE-2001-1141: OpenSSL/SSLeay PRNG weakness before 0.9.6b allows attackers to use outputs from small PRNG requests to infer internal state, enabling future-prediction of random numbers. Affected versions include OpenSSL up to 0.9.6b; impact stated as potential exposure of cryptographic material. ...

5CVSS6.2AI score0.04988EPSS
Exploits0References10Affected Software2
FreeBSD Advisory
FreeBSD Advisory
added 2001/07/30 12:0 a.m.7 views

FreeBSD-SA-01:51.openssl

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-01:51 Security Advisory FreeBSD, Inc. Topic: OpenSSL 0.9.6a and earlier contain flaw in PRNG REVISED Category: core Module: openssl Announced: 2001-07-30 Revised: 2001-07-31...

5.8AI score
Exploits0
NVD
NVD
added 2001/07/10 4:0 a.m.33 views

CVE-2001-1141

The Pseudo-Random Number Generator PRNG in SSLeay and OpenSSL before 0.9.6b allows attackers to use the output of small PRNG requests to determine the internal state information, which could be used by attackers to predict future pseudo-random numbers...

5CVSS6.3AI score0.04988EPSS
Exploits0References10
securityvulns
securityvulns
added 2001/07/10 12:0 a.m.43 views

Проблемы с генерацией псевдо-случайных чисел в OpenSSL (pseudo random generator weakness)

Можно воссоздать состояние генератора псевдо-случайных чисел...

0.7AI score
Exploits0References1Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.25 views

Insecure Random Number Generator

Insecure RNG: stormpath-sdk-php/src/Util/UUID.php Lines 167 to 181 in 15aee30 / Generate an UUID version 4 pseudo random / static private function generateRandom$ns, $node $uuid = self::$muuidfield; $uuid'timehi' = 4 12 | mtrand0, 0x1000; $uuid'clockseqhi' = 1 7 | mtrand0, 128; $uuid'timelow' =...

0.9AI score
Exploits0Affected Software1
Rows per page
Query Builder